#2252: wxGUI vector digitizer passing unescaped text to database
-------------------------+-------------------------------------------------
  Reporter:  marisn      |       Owner:  grass-dev@…
      Type:  defect      |      Status:  closed
  Priority:  critical    |   Milestone:  7.0.5
 Component:  wxGUI       |     Version:  svn-trunk
Resolution:  fixed       |    Keywords:  security, code injection, SQL
       CPU:  Unspecified |               injection, data loss, v.db.update
                         |    Platform:  Unspecified
-------------------------+-------------------------------------------------

Comment (by mlennert):

 I don't think we have to reopen this ticket, but an interesting effort was
 just done for QGIS Server:
 [http://oslandia.com/en/2017/06/14/qgis-server-security-aspect/]

 If anyone with SQL skills wants to try to wreak havoc on some GRASS
 GISDBASE data, the feedback would obviously be more than welcome.

--
Ticket URL: <https://trac.osgeo.org/grass/ticket/2252#comment:20>
GRASS GIS <https://grass.osgeo.org>
_______________________________________________
grass-dev mailing list
grass-dev@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/grass-dev